diff options
author | Yves-Alexis Perez <corsac@debian.org> | 2013-02-07 13:27:27 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2013-02-07 13:27:27 +0100 |
commit | 7585facf05d927eb6df3929ce09ed5e60d905437 (patch) | |
tree | e4d14b4dc180db20356b6b01ce0112f3a2d7897e /src/libcharon/encoding/payloads | |
parent | c1343b3278cdf99533b7902744d15969f9d6fdc1 (diff) | |
download | vyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.tar.gz vyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.zip |
Imported Upstream version 5.0.2
Diffstat (limited to 'src/libcharon/encoding/payloads')
25 files changed, 469 insertions, 78 deletions
diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c index 3a230b91e..a32f5705d 100644 --- a/src/libcharon/encoding/payloads/cert_payload.c +++ b/src/libcharon/encoding/payloads/cert_payload.c @@ -234,6 +234,23 @@ METHOD(cert_payload_t, get_cert, certificate_t*, BUILD_BLOB_ASN1_DER, this->data, BUILD_END); } +METHOD(cert_payload_t, get_container, container_t*, + private_cert_payload_t *this) +{ + int type; + + switch (this->encoding) + { + case ENC_PKCS7_WRAPPED_X509: + type = CONTAINER_PKCS7; + break; + default: + return NULL; + } + return lib->creds->create(lib->creds, CRED_CONTAINER, type, + BUILD_BLOB_ASN1_DER, this->data, BUILD_END); +} + METHOD(cert_payload_t, get_hash, chunk_t, private_cert_payload_t *this) { @@ -289,6 +306,7 @@ cert_payload_t *cert_payload_create(payload_type_t type) .destroy = _destroy, }, .get_cert = _get_cert, + .get_container = _get_container, .get_cert_encoding = _get_cert_encoding, .get_hash = _get_hash, .get_url = _get_url, diff --git a/src/libcharon/encoding/payloads/cert_payload.h b/src/libcharon/encoding/payloads/cert_payload.h index 19ed2ccd2..834f35d60 100644 --- a/src/libcharon/encoding/payloads/cert_payload.h +++ b/src/libcharon/encoding/payloads/cert_payload.h @@ -28,10 +28,11 @@ typedef enum cert_encoding_t cert_encoding_t; #include <library.h> #include <credentials/certificates/certificate.h> +#include <credentials/containers/container.h> #include <encoding/payloads/payload.h> /** - * Certifcate encodings, as in RFC4306 + * Certificate encodings, as in RFC4306 */ enum cert_encoding_t { ENC_PKCS7_WRAPPED_X509 = 1, @@ -65,13 +66,20 @@ struct cert_payload_t { payload_t payload_interface; /** - * Get the playoads encoded certifcate. + * Get the payloads encoded certificate. * - * @return certifcate copy + * @return certificate copy */ certificate_t *(*get_cert)(cert_payload_t *this); /** + * Get the payloads certificate container. + * + * @return container copy + */ + container_t *(*get_container)(cert_payload_t *this); + + /** * Get the encoding of the certificate. * * @return encoding diff --git a/src/libcharon/encoding/payloads/certreq_payload.h b/src/libcharon/encoding/payloads/certreq_payload.h index cce71c0ad..2915decf3 100644 --- a/src/libcharon/encoding/payloads/certreq_payload.h +++ b/src/libcharon/encoding/payloads/certreq_payload.h @@ -56,7 +56,7 @@ struct certreq_payload_t { /** * Add a certificates keyid to the payload (IKEv2 only). * - * @param keyid keyid of the trusted certifcate + * @param keyid keyid of the trusted certificate * @return */ void (*add_keyid)(certreq_payload_t *this, chunk_t keyid); diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c index 40f6ae48f..f6f373f99 100644 --- a/src/libcharon/encoding/payloads/cp_payload.c +++ b/src/libcharon/encoding/payloads/cp_payload.c @@ -20,7 +20,7 @@ #include "cp_payload.h" #include <encoding/payloads/encodings.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> ENUM(config_type_names, CFG_REQUEST, CFG_ACK, "CFG_REQUEST", diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h index 5eb1e06a7..c23bc0bb4 100644 --- a/src/libcharon/encoding/payloads/cp_payload.h +++ b/src/libcharon/encoding/payloads/cp_payload.h @@ -28,7 +28,7 @@ typedef struct cp_payload_t cp_payload_t; #include <library.h> #include <encoding/payloads/payload.h> #include <encoding/payloads/configuration_attribute.h> -#include <utils/enumerator.h> +#include <collections/enumerator.h> /** * Config Type of an Configuration Payload. diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c index dd2e25795..f2f35aa69 100644 --- a/src/libcharon/encoding/payloads/eap_payload.c +++ b/src/libcharon/encoding/payloads/eap_payload.c @@ -410,14 +410,15 @@ eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type, eap_type_t reg_type; u_int32_t reg_vendor; bio_writer_t *writer; - chunk_t length, data; + chunk_t data; bool added_any = FALSE, found_vendor = FALSE; eap_payload_t *payload; writer = bio_writer_create(12); writer->write_uint8(writer, EAP_RESPONSE); writer->write_uint8(writer, identifier); - length = writer->skip(writer, 2); + /* write zero length, we update it once we know the length */ + writer->write_uint16(writer, 0); write_type(writer, EAP_NAK, 0, expanded); @@ -453,10 +454,9 @@ eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type, /* set length */ data = writer->get_buf(writer); - htoun16(length.ptr, data.len); + htoun16(data.ptr + offsetof(eap_packet_t, length), data.len); payload = eap_payload_create_data(data); writer->destroy(writer); return payload; } - diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c index 02e7b8bf3..6ba1b23a0 100644 --- a/src/libcharon/encoding/payloads/encryption_payload.c +++ b/src/libcharon/encoding/payloads/encryption_payload.c @@ -23,7 +23,7 @@ #include <daemon.h> #include <encoding/payloads/encodings.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> #include <encoding/generator.h> #include <encoding/parser.h> diff --git a/src/libcharon/encoding/payloads/fragment_payload.c b/src/libcharon/encoding/payloads/fragment_payload.c new file mode 100644 index 000000000..1a6b3234b --- /dev/null +++ b/src/libcharon/encoding/payloads/fragment_payload.c @@ -0,0 +1,225 @@ +/* + * Copyright (C) 2012 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "fragment_payload.h" + +#include <encoding/payloads/encodings.h> + +/** Flag that is set in case the given fragment is the last for the message */ +#define LAST_FRAGMENT 0x01 + +typedef struct private_fragment_payload_t private_fragment_payload_t; + +/** + * Private data of an fragment_payload_t object. + */ +struct private_fragment_payload_t { + + /** + * Public fragment_payload_t interface. + */ + fragment_payload_t public; + + /** + * Next payload type. + */ + u_int8_t next_payload; + + /** + * Reserved byte + */ + u_int8_t reserved; + + /** + * Length of this payload. + */ + u_int16_t payload_length; + + /** + * Fragment ID. + */ + u_int16_t fragment_id; + + /** + * Fragment number. + */ + u_int8_t fragment_number; + + /** + * Flags + */ + u_int8_t flags; + + /** + * The contained fragment data. + */ + chunk_t data; +}; + +/** + * Encoding rules for an IKEv1 fragment payload + */ +static encoding_rule_t encodings[] = { + /* 1 Byte next payload type, stored in the field next_payload */ + { U_INT_8, offsetof(private_fragment_payload_t, next_payload) }, + { RESERVED_BYTE, offsetof(private_fragment_payload_t, reserved) }, + /* Length of the whole payload*/ + { PAYLOAD_LENGTH, offsetof(private_fragment_payload_t, payload_length) }, + { U_INT_16, offsetof(private_fragment_payload_t, fragment_id) }, + { U_INT_8, offsetof(private_fragment_payload_t, fragment_number) }, + { U_INT_8, offsetof(private_fragment_payload_t, flags) }, + /* Fragment data is of variable size */ + { CHUNK_DATA, offsetof(private_fragment_payload_t, data) }, +}; + +/* + 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! Next Payload ! RESERVED ! Payload Length ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! Fragment ID ! Fragment Num ! Flags ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ! ! + ~ Fragment Data ~ + ! ! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +*/ + +METHOD(payload_t, verify, status_t, + private_fragment_payload_t *this) +{ + if (this->fragment_number == 0) + { + return FAILED; + } + return SUCCESS; +} + +METHOD(payload_t, get_encoding_rules, int, + private_fragment_payload_t *this, encoding_rule_t **rules) +{ + *rules = encodings; + return countof(encodings); +} + +METHOD(payload_t, get_header_length, int, + private_fragment_payload_t *this) +{ + return 8; +} + +METHOD(payload_t, get_type, payload_type_t, + private_fragment_payload_t *this) +{ + return FRAGMENT_V1; +} + +METHOD(payload_t, get_next_type, payload_type_t, + private_fragment_payload_t *this) +{ + return this->next_payload; +} + +METHOD(payload_t, set_next_type, void, + private_fragment_payload_t *this, payload_type_t type) +{ + this->next_payload = type; +} + +METHOD(payload_t, get_length, size_t, + private_fragment_payload_t *this) +{ + return this->payload_length; +} + +METHOD(fragment_payload_t, get_id, u_int16_t, + private_fragment_payload_t *this) +{ + return this->fragment_id; +} + +METHOD(fragment_payload_t, get_number, u_int8_t, + private_fragment_payload_t *this) +{ + return this->fragment_number; +} + +METHOD(fragment_payload_t, is_last, bool, + private_fragment_payload_t *this) +{ + return (this->flags & LAST_FRAGMENT) == LAST_FRAGMENT; +} + +METHOD(fragment_payload_t, get_data, chunk_t, + private_fragment_payload_t *this) +{ + return this->data; +} + +METHOD2(payload_t, fragment_payload_t, destroy, void, + private_fragment_payload_t *this) +{ + free(this->data.ptr); + free(this); +} + +/* + * Described in header + */ +fragment_payload_t *fragment_payload_create() +{ + private_fragment_payload_t *this; + + INIT(this, + .public = { + .payload_interface = { + .verify = _verify, + .get_encoding_rules = _get_encoding_rules, + .get_header_length = _get_header_length, + .get_length = _get_length, + .get_next_type = _get_next_type, + .set_next_type = _set_next_type, + .get_type = _get_type, + .destroy = _destroy, + }, + .get_id = _get_id, + .get_number = _get_number, + .is_last = _is_last, + .get_data = _get_data, + .destroy = _destroy, + }, + .next_payload = NO_PAYLOAD, + ); + this->payload_length = get_header_length(this); + return &this->public; +} + +/* + * Described in header + */ +fragment_payload_t *fragment_payload_create_from_data(u_int8_t num, bool last, + chunk_t data) +{ + private_fragment_payload_t *this; + + this = (private_fragment_payload_t*)fragment_payload_create(); + this->fragment_id = 1; + this->fragment_number = num; + this->flags |= (last ? LAST_FRAGMENT : 0); + this->data = chunk_clone(data); + this->payload_length = get_header_length(this) + data.len; + return &this->public; +}
\ No newline at end of file diff --git a/src/libcharon/encoding/payloads/fragment_payload.h b/src/libcharon/encoding/payloads/fragment_payload.h new file mode 100644 index 000000000..a49cf32dd --- /dev/null +++ b/src/libcharon/encoding/payloads/fragment_payload.h @@ -0,0 +1,94 @@ +/* + * Copyright (C) 2012 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup fragment_payload fragment_payload + * @{ @ingroup payloads + */ + +#ifndef FRAGMENT_PAYLOAD_H_ +#define FRAGMENT_PAYLOAD_H_ + +typedef struct fragment_payload_t fragment_payload_t; + +#include <library.h> +#include <encoding/payloads/payload.h> + +/** + * Object representing an IKEv1 fragment payload. + */ +struct fragment_payload_t { + + /** + * The payload_t interface. + */ + payload_t payload_interface; + + /** + * Get the fragment ID. Identifies the fragments for a particular IKE + * message. + * + * @return fragment ID + */ + u_int16_t (*get_id)(fragment_payload_t *this); + + /** + * Get the fragment number. Defines the order of the fragments. + * + * @return fragment number + */ + u_int8_t (*get_number)(fragment_payload_t *this); + + /** + * Check if this is the last fragment. + * + * @return TRUE if this is the last fragment + */ + bool (*is_last)(fragment_payload_t *this); + + /** + * Get the fragment data. + * + * @return chunkt to internal fragment data + */ + chunk_t (*get_data)(fragment_payload_t *this); + + /** + * Destroys an fragment_payload_t object. + */ + void (*destroy)(fragment_payload_t *this); +}; + +/** + * Creates an empty fragment_payload_t object. + * + * @return fragment_payload_t object + */ +fragment_payload_t *fragment_payload_create(); + +/** + * Creates a fragment payload from the given data. All fragments currently + * have the same fragment ID (1), which seems what other implementations are + * doing. + * + * @param num fragment number (first one should be 1) + * @param last TRUE to indicate that this is the last fragment + * @param data fragment data (gets cloned) + * @return fragment_payload_t object + */ +fragment_payload_t *fragment_payload_create_from_data(u_int8_t num, bool last, + chunk_t data); + +#endif /** FRAGMENT_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c index 02b07d691..7470bb3b4 100644 --- a/src/libcharon/encoding/payloads/id_payload.c +++ b/src/libcharon/encoding/payloads/id_payload.c @@ -165,7 +165,7 @@ METHOD(payload_t, verify, status_t, { bool bad_length = FALSE; - if (this->type == NAT_OA_V1 && + if ((this->type == NAT_OA_V1 || this->type == NAT_OA_DRAFT_00_03_V1) && this->id_type != ID_IPV4_ADDR && this->id_type != ID_IPV6_ADDR) { DBG1(DBG_ENC, "invalid ID type %N for %N payload", id_type_names, @@ -195,7 +195,8 @@ METHOD(payload_t, verify, status_t, METHOD(payload_t, get_encoding_rules, int, private_id_payload_t *this, encoding_rule_t **rules) { - if (this->type == ID_V1 || this->type == NAT_OA_V1) + if (this->type == ID_V1 || + this->type == NAT_OA_V1 || this->type == NAT_OA_DRAFT_00_03_V1) { *rules = encodings_v1; return countof(encodings_v1); diff --git a/src/libcharon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h index e6b7d0dff..d9a44dd0c 100644 --- a/src/libcharon/encoding/payloads/ike_header.h +++ b/src/libcharon/encoding/payloads/ike_header.h @@ -72,7 +72,7 @@ enum exchange_type_t{ AUTH_ONLY = 3, /** - * Aggresive (Aggressive mode) + * Aggressive (Aggressive mode) */ AGGRESSIVE = 4, diff --git a/src/libcharon/encoding/payloads/ke_payload.h b/src/libcharon/encoding/payloads/ke_payload.h index 5942954d9..d3aa18484 100644 --- a/src/libcharon/encoding/payloads/ke_payload.h +++ b/src/libcharon/encoding/payloads/ke_payload.h @@ -27,7 +27,7 @@ typedef struct ke_payload_t ke_payload_t; #include <library.h> #include <encoding/payloads/payload.h> #include <encoding/payloads/transform_substructure.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> #include <crypto/diffie_hellman.h> /** diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index beec1e233..498c659b1 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h @@ -30,7 +30,7 @@ typedef struct notify_payload_t notify_payload_t; #include <library.h> #include <encoding/payloads/payload.h> #include <encoding/payloads/proposal_substructure.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> /** * Notify message types for IKEv2, and a subset for IKEv1. diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c index dc158476b..f9dd33edb 100644 --- a/src/libcharon/encoding/payloads/payload.c +++ b/src/libcharon/encoding/payloads/payload.c @@ -36,6 +36,7 @@ #include <encoding/payloads/configuration_attribute.h> #include <encoding/payloads/eap_payload.h> #include <encoding/payloads/hash_payload.h> +#include <encoding/payloads/fragment_payload.h> #include <encoding/payloads/unknown_payload.h> ENUM_BEGIN(payload_type_names, NO_PAYLOAD, NO_PAYLOAD, @@ -79,20 +80,17 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWORD_METH #ifdef ME ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD, "ID_PEER"); -ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, ID_PEER, - "HEADER", - "PROPOSAL_SUBSTRUCTURE", - "PROPOSAL_SUBSTRUCTURE_V1", - "TRANSFORM_SUBSTRUCTURE", - "TRANSFORM_SUBSTRUCTURE_V1", - "TRANSFORM_ATTRIBUTE", - "TRANSFORM_ATTRIBUTE_V1", - "TRAFFIC_SELECTOR_SUBSTRUCTURE", - "CONFIGURATION_ATTRIBUTE", - "CONFIGURATION_ATTRIBUTE_V1", - "ENCRYPTED_V1"); +ENUM_NEXT(payload_type_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, ID_PEER, + "NAT_D_DRAFT_V1", + "NAT_OA_DRAFT_V1", + "FRAGMENT"); #else -ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWORD_METHOD, +ENUM_NEXT(payload_type_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, GENERIC_SECURE_PASSWORD_METHOD, + "NAT_D_DRAFT_V1", + "NAT_OA_DRAFT_V1", + "FRAGMENT"); +#endif /* ME */ +ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1, "HEADER", "PROPOSAL_SUBSTRUCTURE", "PROPOSAL_SUBSTRUCTURE_V1", @@ -104,7 +102,6 @@ ENUM_NEXT(payload_type_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWORD_METH "CONFIGURATION_ATTRIBUTE", "CONFIGURATION_ATTRIBUTE_V1", "ENCRYPTED_V1"); -#endif /* ME */ ENUM_END(payload_type_names, ENCRYPTED_V1); /* short forms of payload names */ @@ -147,23 +144,19 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, GENERIC_SECURE_PASSWOR "EAP", "GSPM"); #ifdef ME -ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, - GENERIC_SECURE_PASSWORD_METHOD, +ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, GENERIC_SECURE_PASSWORD_METHOD, "IDp"); -ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, ID_PEER, - "HDR", - "PROP", - "PROP", - "TRANS", - "TRANS", - "TRANSATTR", - "TRANSATTR", - "TSSUB", - "CATTR", - "CATTR", - "E"); +ENUM_NEXT(payload_type_short_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, ID_PEER, + "NAT-D", + "NAT-OA", + "FRAG"); #else -ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWORD_METHOD, +ENUM_NEXT(payload_type_short_names, NAT_D_DRAFT_00_03_V1, FRAGMENT_V1, GENERIC_SECURE_PASSWORD_METHOD, + "NAT-D", + "NAT-OA", + "FRAG"); +#endif /* ME */ +ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, FRAGMENT_V1, "HDR", "PROP", "PROP", @@ -175,7 +168,6 @@ ENUM_NEXT(payload_type_short_names, HEADER, ENCRYPTED_V1, GENERIC_SECURE_PASSWOR "CATTR", "CATTR", "E"); -#endif /* ME */ ENUM_END(payload_type_short_names, ENCRYPTED_V1); /* @@ -206,6 +198,7 @@ payload_t *payload_create(payload_type_t type) case ID_RESPONDER: case ID_V1: case NAT_OA_V1: + case NAT_OA_DRAFT_00_03_V1: #ifdef ME case ID_PEER: #endif /* ME */ @@ -239,6 +232,7 @@ payload_t *payload_create(payload_type_t type) case HASH_V1: case SIGNATURE_V1: case NAT_D_V1: + case NAT_D_DRAFT_00_03_V1: return (payload_t*)hash_payload_create(type); case CONFIGURATION: case CONFIGURATION_V1: @@ -251,6 +245,8 @@ payload_t *payload_create(payload_type_t type) case ENCRYPTED: case ENCRYPTED_V1: return (payload_t*)encryption_payload_create(type); + case FRAGMENT_V1: + return (payload_t*)fragment_payload_create(); default: return (payload_t*)unknown_payload_create(type); } @@ -283,6 +279,10 @@ bool payload_is_known(payload_type_t type) return TRUE; } #endif + if (type >= NAT_D_DRAFT_00_03_V1 && type <= FRAGMENT_V1) + { + return TRUE; + } return FALSE; } diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h index d5e862601..0e8a9267b 100644 --- a/src/libcharon/encoding/payloads/payload.h +++ b/src/libcharon/encoding/payloads/payload.h @@ -123,7 +123,7 @@ enum payload_type_t { NAT_D_V1 = 20, /** - * NAT original address payload (NAT-OA) + * NAT original address payload (NAT-OA). */ NAT_OA_V1 = 21, @@ -221,6 +221,21 @@ enum payload_type_t { #endif /* ME */ /** + * NAT discovery payload (NAT-D) (drafts). + */ + NAT_D_DRAFT_00_03_V1 = 130, + + /** + * NAT original address payload (NAT-OA) (drafts). + */ + NAT_OA_DRAFT_00_03_V1 = 131, + + /** + * IKE fragment (proprietary IKEv1 extension) + */ + FRAGMENT_V1 = 132, + + /** * Header has a value of PRIVATE USE space. * * This type and all the following are never sent over wire and are diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index 653f51a46..ae0fce991 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -22,7 +22,7 @@ #include <encoding/payloads/encodings.h> #include <encoding/payloads/transform_substructure.h> #include <library.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> #include <daemon.h> /** @@ -253,6 +253,8 @@ typedef enum { IKEV1_ENCAP_TRANSPORT = 2, IKEV1_ENCAP_UDP_TUNNEL = 3, IKEV1_ENCAP_UDP_TRANSPORT = 4, + IKEV1_ENCAP_UDP_TUNNEL_DRAFT_00_03 = 61443, + IKEV1_ENCAP_UDP_TRANSPORT_DRAFT_00_03 = 61444, } ikev1_esp_encap_t; /** @@ -810,14 +812,30 @@ static u_int16_t get_ikev1_auth(auth_method_t method) /** * Get IKEv1 encapsulation mode */ -static u_int16_t get_ikev1_mode(ipsec_mode_t mode, bool udp) +static u_int16_t get_ikev1_mode(ipsec_mode_t mode, encap_t udp) { switch (mode) { case MODE_TUNNEL: - return udp ? IKEV1_ENCAP_UDP_TUNNEL : IKEV1_ENCAP_TUNNEL; + switch (udp) + { + case ENCAP_UDP: + return IKEV1_ENCAP_UDP_TUNNEL; + case ENCAP_UDP_DRAFT_00_03: + return IKEV1_ENCAP_UDP_TUNNEL_DRAFT_00_03; + default: + return IKEV1_ENCAP_TUNNEL; + } case MODE_TRANSPORT: - return udp ? IKEV1_ENCAP_UDP_TRANSPORT : IKEV1_ENCAP_TRANSPORT; + switch (udp) + { + case ENCAP_UDP: + return IKEV1_ENCAP_UDP_TRANSPORT; + case ENCAP_UDP_DRAFT_00_03: + return IKEV1_ENCAP_UDP_TRANSPORT_DRAFT_00_03; + default: + return IKEV1_ENCAP_TRANSPORT; + } default: return IKEV1_ENCAP_TUNNEL; } @@ -1125,9 +1143,11 @@ METHOD(proposal_substructure_t, get_encap_mode, ipsec_mode_t, case IKEV1_ENCAP_TUNNEL: return MODE_TUNNEL; case IKEV1_ENCAP_UDP_TRANSPORT: + case IKEV1_ENCAP_UDP_TRANSPORT_DRAFT_00_03: *udp = TRUE; return MODE_TRANSPORT; case IKEV1_ENCAP_UDP_TUNNEL: + case IKEV1_ENCAP_UDP_TUNNEL_DRAFT_00_03: *udp = TRUE; return MODE_TUNNEL; default: @@ -1263,7 +1283,7 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, */ static void set_from_proposal_v1_esp(private_proposal_substructure_t *this, proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, - ipsec_mode_t mode, bool udp, int number) + ipsec_mode_t mode, encap_t udp, int number) { transform_substructure_t *transform = NULL; u_int16_t alg, key_size; @@ -1459,7 +1479,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( */ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, - auth_method_t auth, ipsec_mode_t mode, bool udp) + auth_method_t auth, ipsec_mode_t mode, encap_t udp) { private_proposal_substructure_t *this; @@ -1487,7 +1507,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( */ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes, - auth_method_t auth, ipsec_mode_t mode, bool udp) + auth_method_t auth, ipsec_mode_t mode, encap_t udp) { private_proposal_substructure_t *this = NULL; enumerator_t *enumerator; @@ -1531,7 +1551,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( */ proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1( u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi, - ipsec_mode_t mode, bool udp, u_int8_t proposal_number) + ipsec_mode_t mode, encap_t udp, u_int8_t proposal_number) { private_proposal_substructure_t *this; transform_substructure_t *transform; diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h index 5d42a6116..c8e7adfd8 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.h +++ b/src/libcharon/encoding/payloads/proposal_substructure.h @@ -23,17 +23,27 @@ #ifndef PROPOSAL_SUBSTRUCTURE_H_ #define PROPOSAL_SUBSTRUCTURE_H_ +typedef enum encap_t encap_t; typedef struct proposal_substructure_t proposal_substructure_t; #include <library.h> #include <encoding/payloads/payload.h> #include <encoding/payloads/transform_substructure.h> #include <config/proposal.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> #include <kernel/kernel_ipsec.h> #include <sa/authenticator.h> /** + * Encap type for proposal substructure + */ +enum encap_t { + ENCAP_NONE = 0, + ENCAP_UDP, + ENCAP_UDP_DRAFT_00_03, +}; + +/** * Class representing an IKEv1/IKEv2 proposal substructure. */ struct proposal_substructure_t { @@ -179,12 +189,12 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( * @param lifebytes lifebytes, in bytes * @param auth authentication method to use, or AUTH_NONE * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL - * @param udp TRUE to use UDP encapsulation + * @param udp ENCAP_UDP to use UDP encapsulation * @return proposal_substructure_t object PROPOSAL_SUBSTRUCTURE_V1 */ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, - auth_method_t auth, ipsec_mode_t mode, bool udp); + auth_method_t auth, ipsec_mode_t mode, encap_t udp); /** * Creates an IKEv1 proposal_substructure_t from a list of proposal_t. @@ -194,12 +204,12 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( * @param lifebytes lifebytes, in bytes * @param auth authentication method to use, or AUTH_NONE * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL - * @param udp TRUE to use UDP encapsulation + * @param udp ENCAP_UDP to use UDP encapsulation * @return IKEv1 proposal_substructure_t PROPOSAL_SUBSTRUCTURE_V1 */ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes, - auth_method_t auth, ipsec_mode_t mode, bool udp); + auth_method_t auth, ipsec_mode_t mode, encap_t udp); /** * Creates an IKEv1 proposal_substructure_t for IPComp with the given @@ -209,12 +219,12 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( * @param lifebytes lifebytes, in bytes * @param cpi the CPI to be used * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL - * @param udp TRUE to use UDP encapsulation + * @param udp ENCAP_UDP to use UDP encapsulation * @param proposal_number the proposal number of the proposal to be linked * @return IKEv1 proposal_substructure_t PROPOSAL_SUBSTRUCTURE_V1 */ proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1( u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi, - ipsec_mode_t mode, bool udp, u_int8_t proposal_number); + ipsec_mode_t mode, encap_t udp, u_int8_t proposal_number); #endif /** PROPOSAL_SUBSTRUCTURE_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index adf19aa67..a588d4e97 100644 --- a/src/libcharon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c @@ -20,7 +20,7 @@ #include "sa_payload.h" #include <encoding/payloads/encodings.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> #include <daemon.h> /* IKEv1 situation */ @@ -552,8 +552,8 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal) */ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes, - auth_method_t auth, ipsec_mode_t mode, bool udp, - u_int16_t cpi) + auth_method_t auth, ipsec_mode_t mode, + encap_t udp, u_int16_t cpi) { proposal_substructure_t *substruct; private_sa_payload_t *this; @@ -591,8 +591,8 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, */ sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, - auth_method_t auth, ipsec_mode_t mode, bool udp, - u_int16_t cpi) + auth_method_t auth, ipsec_mode_t mode, + encap_t udp, u_int16_t cpi) { private_sa_payload_t *this; linked_list_t *proposals; diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h index 9a88cccd5..b62a341d8 100644 --- a/src/libcharon/encoding/payloads/sa_payload.h +++ b/src/libcharon/encoding/payloads/sa_payload.h @@ -27,7 +27,7 @@ typedef struct sa_payload_t sa_payload_t; #include <library.h> #include <encoding/payloads/payload.h> #include <encoding/payloads/proposal_substructure.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> #include <kernel/kernel_ipsec.h> #include <sa/authenticator.h> @@ -133,13 +133,13 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal); * @param lifebytes lifebytes, in bytes * @param auth authentication method to use, or AUTH_NONE * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL - * @param udp TRUE to use UDP encapsulation + * @param udp ENCAP_UDP to use UDP encapsulation * @param cpi CPI in case IPComp should be used * @return sa_payload_t object */ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes, - auth_method_t auth, ipsec_mode_t mode, bool udp, + auth_method_t auth, ipsec_mode_t mode, encap_t udp, u_int16_t cpi); /** @@ -150,13 +150,13 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, * @param lifebytes lifebytes, in bytes * @param auth authentication method to use, or AUTH_NONE * @param mode IPsec encapsulation mode, TRANSPORT or TUNNEL - * @param udp TRUE to use UDP encapsulation + * @param udp ENCAP_UDP to use UDP encapsulation * @param cpi CPI in case IPComp should be used * @return sa_payload_t object */ sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, - auth_method_t auth, ipsec_mode_t mode, bool udp, + auth_method_t auth, ipsec_mode_t mode, encap_t udp, u_int16_t cpi); #endif /** SA_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c index 378f5bbc3..15f791b95 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c @@ -18,7 +18,7 @@ #include "traffic_selector_substructure.h" #include <encoding/payloads/encodings.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> typedef struct private_traffic_selector_substructure_t private_traffic_selector_substructure_t; diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.h b/src/libcharon/encoding/payloads/traffic_selector_substructure.h index 1ad5fb526..d3fbe8476 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.h +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.h @@ -25,7 +25,7 @@ typedef struct traffic_selector_substructure_t traffic_selector_substructure_t; #include <library.h> -#include <utils/host.h> +#include <networking/host.h> #include <selectors/traffic_selector.h> #include <encoding/payloads/payload.h> diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c index a4a920b60..a85027561 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.c +++ b/src/libcharon/encoding/payloads/transform_substructure.c @@ -22,7 +22,7 @@ #include <encoding/payloads/transform_attribute.h> #include <encoding/payloads/encodings.h> #include <library.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> #include <daemon.h> typedef struct private_transform_substructure_t private_transform_substructure_t; diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h index 947df24f9..97717e65b 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.h +++ b/src/libcharon/encoding/payloads/transform_substructure.h @@ -27,7 +27,7 @@ typedef struct transform_substructure_t transform_substructure_t; #include <library.h> #include <encoding/payloads/payload.h> #include <encoding/payloads/transform_attribute.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> #include <crypto/diffie_hellman.h> #include <crypto/signers/signer.h> #include <crypto/prfs/prf.h> diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c index a7678da73..8dfa47bc2 100644 --- a/src/libcharon/encoding/payloads/ts_payload.c +++ b/src/libcharon/encoding/payloads/ts_payload.c @@ -20,7 +20,7 @@ #include "ts_payload.h" #include <encoding/payloads/encodings.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> typedef struct private_ts_payload_t private_ts_payload_t; diff --git a/src/libcharon/encoding/payloads/ts_payload.h b/src/libcharon/encoding/payloads/ts_payload.h index 5a92655dc..933245c62 100644 --- a/src/libcharon/encoding/payloads/ts_payload.h +++ b/src/libcharon/encoding/payloads/ts_payload.h @@ -25,7 +25,7 @@ typedef struct ts_payload_t ts_payload_t; #include <library.h> -#include <utils/linked_list.h> +#include <collections/linked_list.h> #include <selectors/traffic_selector.h> #include <encoding/payloads/payload.h> #include <encoding/payloads/traffic_selector_substructure.h> |